Red Hat Directory Server 8.0 Administrator's Guide
• The actual password policy specification entry (nsPwPolicyEntry) for holding all the
password policy attributes that are specific to the subtree. For example:
dn: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",
cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: ldapsubentry
objectclass: passwordpolicy
• The CoS template entry (nsPwTemplateEntry) that has the pwdpolicysubentry value
pointing to the above (nsPwPolicyEntry) entry. For example:
dn: cn="cn=nsPwTemplateEntry,ou=people,dc=example,dc=com",
cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: costemplate
objectclass: ldapsubentry
cosPriority: 1
pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",
cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
• The CoS specification entry at the subtree level. For example:
dn: cn=nsPwPolicy_cos,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: cosSuperDefinition
objectclass: cosPointerDefinition
cosTemplateDn: cn="cn=nsPwTemplateEntry,ou=people,dc=example,dc=com",
cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
cosAttribute: pwdpolicysubentry default operational
For a user (for example, uid=jdoe, ou=people, dc=example, dc=com), the following
entries are added:
• A container entry (nsPwPolicyContainer) at the parent level for holding various password
policy related entries for the user and all its children. For example:
dn: cn=nsPwPolicyContainer, ou=people, dc=example, dc=com
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer
• The actual password policy specification entry (nsPwPolicyEntry) for holding the
password policy attributes that are specific to the user. For example:
Configuring the Password Policy
253